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Attorney Docket # 4925-l$0PUS 
IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

In re National Phase PCT Application of \ 

Serge HAUMONT | 

International Appln. No.: PCT/H00/(X)353 i 

International Filing Date: 25 April 2000 \ 
For: New Method for Checking the Data 



PRELIMINARY AMENDMENT 

Assistant Commissioner for Patents 
Washington, D.C. 20231 
BOX PCT 

SIR: 

Prior to exammation of the above-identified application please amend the 
application as follows: 
IN THE SPECIFICATION: 

Page 1, before line 2, the paragraph beginning with "The invention concerns" , insert the 
following title: 

FIELD OF THE INVENTION -. 
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Page 1, before line 5, the paragraph beginning with "Security is becoming", insert the 
following title: 

- BACKGROUND OF THE INVENTTON - 

Page 3, before line 35, the paragraph beginning with "An object of the", insert the 
following title: 

- SUMMARY OF THE INVENTION - 

Page 5, before line 27, the paragraph beginning with "The present invention", insert the 
foUowmg paragraph and title: 

-- Other objects and features of the present invention will become apparent from the following 
detailed description considered in conjunction with the accompanying drawings. It is to be 
understood, however, that the drawings are intended solely for purposes of illustration and not as 
a definition of the limits of the invention, for which reference should be made to the appended 
claims. 

BRIEF DESCRIPTION OF THE DRAWINGS 



Page 6, before line 5, the paragraph beginning with "In the present invention" , insert the 
following title: 

- DETAILED DESCRIPTION OF THE PRESENTLY PREFERRED EMBODIMENTS - 
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Page 11, after the last line, insert the following paragraph: 
--Thus, while there have been shown and described and pointed out fundamental novel features of 
the present invention as applied to a preferred embodiment thereof, it will be understood that 
various omissions and substitutions and changes in the form and details of the devices described 
and illustrated, and in their operation, and of the methods described may be made by those skilled 
in the art without departing from the spirit of the present invention. For example, it is expressly 
intended that all combinations of those elements and/or method steps which perform substantially 
the same function in substantially the same way to achieve the same results are within the scope of 
the invention. Substitutions of elements from one described embodiment to another are also fiiUy 
intended and contemplated. It is also to be understood that the drawings are not necessarily drawn 
to scale but that they are merely conceptual in nature. It is the intention, therefore, to be limited 
only as indicated by the scope of the claims appended hereto.-. 

Page 12, line 1, delete "Oaims" and insert therefor -What is claimed is:-. 

IN THE CLAIMS : 

Please amend claim 17 to read as follows: 

17. A station according to claim 15, characterized in that the station is a mobile station 

(101). 



-3- 
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Add the following new claim: 

18. A station according to claim 16, characterized in that the station is a mobile station 



REMARKS 

This preliminary amendment is presented to place the application in proper form 



for examination and to eliminate multiple dependency from the present claims. No new matter 
has been added. Early examination and favorable consideration of the above-identified application 
is earnesdy solicited. 

Any additional fees or charges required at this time in connection with the 
application may be charged to our Patent and Trademark Office Deposit Account No. OQ-2412. 



Michael C. Stuart 
Reg. No. 35,698 
551 Fifth Avenue, Suite 1210 
New York, N.Y. 10176 
(212) 687-2770 



(101). 



Respectfully submitted, 

COHEN, PONTANI, LIEBERMAN & PAVANE 
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AMENDMENTS TO THE SPECIFICATION AND CLAIMS SHOWING CHANGES 

In the claims: 

17. A station according to claim[s] 15 [or 16], characterized in that the station is a 
mobile station (101). 
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New method for checking the data 



The invention concerns the security of the data transmission and the checking the 
data, especially in digital mobile telecommunication networks. 

5 Security is becoming more and more important in the field of communications. The 
paper-based communication is used less and modem electronic systems are used 
more and more. This trend increases the risk that inforaiation transmitted via 
electronic networks falls into the hands of somebody to whom it was not meant to. 
The data can also change during the transmission because of the different kinds of 
1 0 interference in the transmission path. 

Methods have been developed by means of which the receiver can notice, if 
somebody has altered the data between the sending end and the receiving end. The 
same methods can be used to detect, if the data has changed as a result of inter- 
ference in the transmission path. Usually these methods utilize some kind of error 
15 detecting algorithm codes, like parity checking. 

One very effective method to carry out the error detection is to use the so called 
cyclic redundancy check (CRC). CRC is a very powerful but easily implemented 
technique for obtaining data reliability. The basic idea in CRC is that the transmitter 
appends an extra n-bit sequence to eveiy data frame. This extra n-bit sequence is 

20 called frame check sequence (FCS). The FCS is generated by the transmitter from 
tlie original data frame. The resulting frame (the cascade of the original frame and 
the FCS) is divisible by some pre-defined polynomial which is called the CRC 
polynomial. In the receiving end the fransmitted data frame is divided by the CRC 
polynomial. The remainder of the division is checked and if it equals to zero the 

25 transmitted data has not changed in the fransmission path. 

In addition to the error check there is need for securing the data so that nobody else 
than justified receiver is able to find out the content of the data frame. In principle 
there are two different security methods available. These methods are based on an 
algorithm or algorithms which are used to encrypt and decrypt the data. The first 
30 security method is based on a secret key method. In the secret key method there is 
used only one key or one algorithm to encrypt and deciypt the data. Both thie sender 
and the receiver of the data use the same secret key. The most important point in the 
secret key method is that the key should be kept secret so that the only persons who 
know the key are the sender and the receiver. One of the biggest problems in the 
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secret key method is that the key should be transmitted secretively from the first 
user to another and this means that a third party has an opportunity to get the secret 
key. 

The second security method is based on a so called secret and public key pair, A 
user creates these two keys. The public key is given available for everybody. All 
other users encrypt their messages meant for the publisher of the public key by 
using the public key. The encrypted message can be decrypted only with the secret 
key which is known only by the publisher of the keys. The advantage of the public 
key method is that there is no need to transmit the secret key and because of this the 
security is better than in the previously described secret key method. The power of 
the public and secret key method is that the method is mathematically very heavy so 
that the decryption of the encrypted data without the secret key takes so long time 
that the encrypted data is out-of-date when the decryption is accomplished without 
the correct keys. 

Digital signature is used to identify the signer, who is the sender of the data. 
Advantageously in the digital signature method it is used the secret and public key 
method to achieve the signature for a certain data. Digital signature works for 
example like this: The sender of tlie message derives for example an error check 
value from the original message. After this the sender of the message enciypts the 
error check value with his secret key and sends the original message and the 
encrypted error check value to the receiver. The receiver decrypts the encrypted 
error check value with the sender's public key, which the sender has delivered to 
everybody. The receiver also derives the error check value from the original 
message and compares these two error check values. If the values are equal, the 
message is from the correct sender. If they don't equal, the message has been 
corrupted. 

It is planned that the mobile telecommunication networks, like the GSM, will be 
capable to transmit the data as a data packets. In GSM this is achieved by combining 
a so called GPRS (General Packet Radio Service) network to the GSM network. In 
figure 1 it is shown one possible arrangement of the GPRS network. There is shown 
a mobile station 101, which is in connection to MSG (Mobile Switching Centie) 104 
through BTS (Base Transceiver Station) 102 and BSC (Base Station Controller) 

103. There can be attached different types of networks, like for instance PSTN 
(Public Switched Telephone Network) network 105 and SS7 network, to the MSC 

104. A new network element is arranged to the BSC 103, which is called PCU 
(Packet Control Unit) 107, However, it is by no means compulsory that the PCU 
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(107) is located at the BSC (103), but it can be as a separate unit or attached to the 
BTS (102) as well. The PCU 107 is arranged to control the data packets. The packet 
network 112 is attached to other network topology through the PCU 107. Between 
the GPRS backbone network 113 and the PCU 107 it is arranged a SGSN (Serving 
5 GPRS Support Node) node 108. A GPRS register 109, or more generally a home 
location register that contains user related information, into which some kind of 
subscriber-related information concerning GPRS service network element is saved, 
is also a part of the GPRS network. GGSN (Gateway GPRS Support Node) nodes 
1 10 are the elements through which any other kind of packet network 111, like IP, 
10 OS! data or X.25, can be attached to the GPRS network. In figure 1 the solid line 
symbolizes the data transmission and the signalling between the network elements 
and the broken line symbolizes that there are signalling between tlie network 
elements. A similar arrangement is planned to the third generation mobile tele- 
communication networks for transmitting the data as a packet data. 

15 It is important to know that the received data is firom the correct sender. The 
methods shown here are also applied to verify the sender of the data as previously 
shown. One possible way to do the verification is to derive a so called 
authentication value from the original data, which authentication value is a kind of 
digital signature. The authentication value can be arranged so that it may be derived 

20 from various inputs. The input can be e.g. a packet number, the direction (uplink or 
downlink) of the transferred packet, a secret key or any other similar value. The 
algorithm, by means of which the authentication value is calculated, is the same or 
the reverse at the sending end and at the receiving end. The algorithm is kept secret 
if it is not strong enough. The calculated authentication value is carried in each 

25 packet so that every single packet include the key by means of which the content of 
the data packet can be checked, whether is original or not. In the examples 
described in this application, usually the exclusive OR (XOR) mathematical 
function is used. However, it is evident to a man skilled in the art that any function f 
for which exists an inverse function f ' so that f '(f(x)) gives x can be used as well. 

30 This authentication method shown has one big disadvantage. It increases 
significantly the packet size, because the calculated authentication value is trans- 
mitted in every data packet separately fi-om the rest of the data to be transmitted. As 
a result, a part of the capacity for data transmission is wasted because of these 
additional authentication value fi-ames. 

35 An object of the present invention is to provide a new method by means of which 
the authentication value can be transmitted in a packet data transmission network 
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without increasing the packet size. It provides a simple per packet auttienticatiQii so 
that the receiver can with one check deiennbie if the packet is valid or not. A second 
object of ttie present invention is to provide a transmitter, which is capable of 
anranging the authenticatioii value into a packet so that the packet size is iiot 
5 increased A third object of the present invention is to provide a receiver, which is 
capable of checking, if the traosmitied data has changed in the transncnssion path. A 
fourth object of the present invention is to provide a mobile station v/hick is capable 
of transmitting and receiving the authentication value without increasing the packet 
size. 

The above stated objects are achieved by combining the autheatication value to the 
error check data so that it does npt add the packet size. Combining the 
authentication value to error check data is done by using a logical iunction, for 
example. At the receiving end the combination of the error check vEdue and the 
authentication value is processed so that the integrity of the data can be checked. 

The advantage of the present invention is that by using this arrangement in a 
telecommunication system the bandwidth of the system can be saved. It ialso enables 
the use of digital signatures with fixed length frames of present protocols without 
changing the fcame formats. As a result, the authenticity can be provided without 
increasing the packet size. One very important aspect is that the invention is 
applicable in all digital communication systems. 

The method according to the invention is a method for checking data, and it is 
characterized in that a first reference value is calculated at least partly based on a 
first error check value calculated from the data and a first authentication value for 
the data. 

25 The transmitter according to the invention is characterized in that the transmitter 
comprises 

" means for deriving an authentication value from the data to be transmitted, 

" means for deriving an emor check value from the data to be transmitted jand 

- means for combining said authentication value and said error check vjilue with a 
30 logical function for producing a fiist reference value. 

The receiver for receiving data having means for checking received datai according 
to tihe invention is characterized in that the receiver comprises 
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- means for deriving a firs: reference value from the received data, 

- means for calculating a second error check value from dxe received data, 

- means for deriving an authentication value for the received data, 

- means for calculating a second refer^ce value at least partly based on a first and a 
5 second value from the set of said second error check value, a second authentication 

value and said first reference value, and 

- means for comparing said second reference value with a third value from the set of 
said second error check value, said second authentication value and said first 
reference value. 

10 The station, comprising a transmitter and a receiver, according to the invention is 
chaiacterized in that flie transmitter comprises 

- means for deriving a first authentication value frmn the data to be transmitted, 

- means for deriving a first error check value from the data to be transmitted, and 

- means for combining said first authentication value and said first error tieck value 
15 with a logical Junction for producing a first reference value 

and the receiver comprises 

- means for deriving a first reference value from the received data, 

- means for calculating a second error check value from the received data, 

•means for deriving an authentication value for the received data, this 
20 authentication value being a second authentication value, 

- naysans for calculating a second reference value at least partly based on a first and a 
second value from the set of said second error check value, said second 
authentication value and said first reference value, and 

- means for comparing said second reference value with a third value from the set of 
25 said second error check value, said second authentication value and said first 

reforence value. 

The present inveation will now be described more in detail in the followirtg widi the 
reference to the accompanying drawings, in which 
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fig' ^ illustrates one possible arrangement of riie GPRS network, 
-£s- 2 , illustrates one possible airangement at die sending end, 
_fig- 3 ^ illustrates one possible azrangement at the receiving end and 

fig. 4 illustrates a block diagram of a mobile station. 

In the present invention the data traosmitted is processed at the both en^ds, that is at 
the sending end and at the receiving end, in the same way so that the integrity of the 
message can be checked. At the sending end, as shown in figure 2, the error check 
value, which in this preferred embodiment is a CRC 205, is derived from the 
original data 201. Next, the authentication value 202, which can be derived for 
instance by using a packet number or a secret key as an input and a secret algorithm, 
is combined to the C3RC field. The broken line describes that the autlientication 
value 202 is in some way derived from the original data 201. The combination of the 
CRC 205 and the authentication value 202 is carried out in this preferred 
embodiment of the invention by using the logical function "exclusive-OR" (XOR) 
203. XOR 203 is a funcdon which produces an output of 1 when exactly one of its 
two inputs is L As a result, the data, which is to be sent, comprises the original data 
field 201 and another field, which consist of the XORed value 308 of the CRC 205 
and the authentication value 202. To a man skilled in the art it is obvious that the 
authentication value 202 can be any value, which is advantageously possible to 
derive from the original data 201. 

At the receiving end the data received is arranged to be processed vice versa, as 
shown in figure 3. The XORed data 308 is re-XORed 203 with the authentication 
value 302, which is the same as the authentication value 202 at the sending end in a 
case where the data sent is not changed. The auflientication value 302 can be 
derived from the received data 301 in the same way as at the sendrag end By using 
the rules of bmary algebra the result of this re-XORing 203 is CRC value 304. By 
comparing 305 this CRC 304 to another CRC 303 calculated at the receiving end 
from the received data, it can be found, if the data has changed in the transmission 
path. If the comparison 302 shows that the CRCs 303; 304 are die same, it means 
that die received data 301 has been transmitted without any changes 306. But, if the 
comparison 305 shows that the CRCs 303; 304 differ from each other, it means that 
the original data 201 has changed in the transmission path, or that the autllienticalion 
value 302 was not correct at the receiving end. As a result, the data received can be 
erased 306. 
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To a man skilled in the art it is obvious that the method shown reveals all cases 
when the original data 201 has been processed between the sending end and the 
receiving end in condition that the algorithm for deriving the authentication value 
202; 302 is kept secret. If the original data 201 has been changed, the CR.Cs 303; 
5 304 differ from each other as previously stated. As well, if the authentication value 
302 at the receiving end is not the same as the audientication value 202 at the 
sending end, the compared CRC values 303; 304 do not equal. The reason for this is 
that the XOR operation 203 to the XORed data 308 received and the authentication 
value 302 does not produce the original CRC value 205. 

10 To a man skilled in the art it is obvious that the check can also be performed so that 
at the receiving end CRC is calculated from the received data 301 and it is re- 
XORed with the XORed data 308 so that the result is the authentication value. 
Another authentication value can be derived somehow from the received data 301. 
As a result these two authentication values are compared 305 and if the comparison 

15 305 equals, the data has been transmitted without any changes. If the result of the 
comparison is unequal the data received can be erased. A third possibility to check 
the validity of data is that the receiver derives an authentication value 202 and an 
error check value 303 from the received data 301 and XORs them. The result of this 
XORing is compared to the XORed data value 308 which is received. If the 

20 comparison equals the received data is valid, if not the data has been corrupted in 
the transmission path. 

The input for the authentication value 202; 302 can preferably be a packet number 
or a secret key. At both ends it is used the same, advantageously secret, algorithm 
for calculating the authentication value 202; 302. As a resuh, the authentication 

25 value 202; 302 can for example be a CRC of the original data 201, which is 
encrypted with the secret key of the sender. To a man skilled in the art it is obvious 
that most preferably the authentication value 202; 302 is derived from such an input 
that is dependent on the data which is to be transmitted. One possible input for the 
authentication value 202; 302 is the direction (uplink or downlink) of transferred 

30 data packet. 

It is obvious that the data field can also be encrypted so that nobody not justified is 
capable to read the message. The methods shown previously can be used to perform 
this encryption. 

One possible application of this invention is to use it in all solutions where the so 
35 called packet data transmission is used. As an example, we consider a situation 
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where a mobile station 101 is communicating with another mobile station 101 
through the GPRS network. The mobile station 101 is arranged to secure the data to 
be transmitted so that nobody not justified is able to change the data. When the data 
is ready to be sent, the CRC 205 is derived from the digital data 201 in the trans- 
5 mitter block of the mobile station 101. As well the authentication value 202 is 
derived from the digital data 201 in the transmitter block. The CRC 205 and the 
authentication value 202 are combmed together with a logical frmction 203. In the 
transmitter block of the mobile station 101 the original digital data 201 and the 
combination of the CRC 205 and authentication value 202 are arranged to the same 
10 data packet which data packet is sent. 

The data packet is transmitted for instance through the GPRS network to another 
mobile station 101. The receiver block of the mobile station 101 receives the data 
% packet, or more precisely, the combination of blocks 301 and 308, and derives the 

m authentication value 302 in the same way as at die transmitter block. This derived 

J2r 15 authentication value 302 is combined with the XORed data field 308 with the same 
Iiri logical operation 203, advantageously with XOR function, as in the transmitter 

J'j block. The result of this combination is according to this preferred embodiment of 

the invention the CRC value 304. The receiver block derives another CRC 303 from 
J; 5 the original data for checking, if the data is from the original sender. The check may 

l2 20 be done by comparing 305 these two CRC values 303; 304. If the comparison 305 
irl shows that the data is valid 306, the receiver block of the mobile station 101 passes 

Jjf^ the data onto the other blocks of the mobile station 101 so that the user of the 

mobile station 101 is able to find out the content of the data. If the comparison 305 
fails, it shows that an unauthorized person has changed the data or the data has been 
25 corrupted during the transmission, the data can be erased 307 in the receiver block 
of the mobile station 101. Alternatively the data can be shown to ttie user of the 
mobile station 101 with the notification that the data has changed in the trans- 
mission path. To a man skilled in art it is obvious that the data transmitted between 
the user of the transmitting mobile station 101 and the user of the receiving mobile 
30 station 101 can be any type of data w^hich is possible to transmit through a packet 
data network. Further, to a man skilled in the art it is obvious that the logical 
fimction shown previously may be implemented by using the logic gates in 
hardware. As well, the same can be achieved with software. 

Figure 4 shows a block diagram of a digital mobile communication means according 
35 to an advantageous embodiment of the invention. The mobile communication means 
comprises a microphone 401, keyboard 407, display 406, earpiece 414, antenna 
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duplexer or switch 408, antenna 409 and a control unit 405, which all are typical 
components of conventional mobile coxmmmication means. Further, the mobile 
communication means contains typical transmission and receiver blocks 404, 411. 
Transmission block 404 comprises functionality necessary for speech and channel 
coding, enciyption, and modulation, and the necessary RF circuity for 
amplification of the signal for transmission. Receiver block 411 comprises the 
necessary amplifier circuits and functionality necessary for demodulating and 
decryption of the signal, and removing channel and speech coding. The signal 
produced by the microphone 401 is amplified in the amplifier stage 402 and 
converted to digital form in the A/D converter 403, whereafter the the signal is 
taken to the transmitter block 404. The transmitter block encodes the digital signal 
and produces the modulated and amplified RF-signal, whereafter the RF signal is 
taken to the antenna 409 via the duplexer or switch 408. The receiver block 411 
demodulates the received signal and removes the encryption and channel coding. 
The resulting speech signal is converted to analog form in the D/A converter 412, 
the output signal of which is amplified in the amplifier stage 413, whereafter the 
amplified signal is taken to the earpiece 414. The control unit 405 contiols the 
fimctions of the mobile communication means, reads the conunands given by the 
user via the keypad 407 and displays messages to the user via the display 407. 
Further, in this preferred embodiment the transmitter block 404 comprises first 
means 416 for deriving an authentication value from the data to be transmitted, 
second means 417 for deriving an error check value fi*om the data to be transmitted 
and third means 418 for combining said authentication value and said error check 
value with a logical function for producing a fust reference value. Correspondingly, 
in this preferred embodiment the receiver block 41 1 also comprises first means 420 
for deriving a first reference value from the received data, second means 421 for 
calculating a second error check value from the received data, third means 422 for 
calculating a second reference value at least partly based on a first and a second 
value from the set of said second error check value, a second authentication value 
and said first reference value, and fourth means 423 for comparing said second 
reference value with a third value from the set of said second error check value, said 
second authentication value and said first reference value. The means mentioned 
can be any kind of arrangements which are capable to perform the operations 
described. For example the means can be computer programs, which are used by a 
microprocessor 415;419ina transmitter 404 and a receiver block 411 in a mobile 
station for performing the operations described. 



wo 00/65765 



PCT/FIOO/00353 



10 

The present invention is not limited to the embodiment of Fig. 4, which is jpresented 
as an example only. For example, the invention can as well be applied to an analog 
communication means. 

The previously described data check can also be arranged so that the check is 
5 carried out in a network element. For example the GPRS network comprises a 
SGSN 108 which is communicating with the mobile station 101 through a logical 
link called LLC. LLC has a CRC function (ETSI GSM 03.60). According to one 
preferred embodiment of the invention the authentication value has been added to 
the CRC field to provide a per packet authentication. The benefit is that the network 

10 operator can be sure that the packet is originating from the valid user. This method 
can in certain cases (traffic is encrypted by the user, browsmg public web sites) 
avoid the use of ciphering. Additionally, with this arrangement the network operator 
is capable of performing the billing according to the use of the network. To a man 
skilled in the art it is obvious that the SGSN 108 comprises the corresponding 

15 means 415; 416; 417; 418; 419; 420; 421; 422; 423 for checking the data as the 
receiver block 404 and the transmitter block 411. The network element mentioned 
can be any other network element than the SGSN 108. To a man skilled in the art it 
is obvious that the network element can in an advantageous embodiment of the 
invention comprise the means 415; 416; 417; 418; 419; 420; 421; 422; 423 

20 described previously. The operations of the means can also be performed with any 
other possible way which is suitable for telecommunications. 

For example the same operations can be performed in a transmitter block and in a 
receiver block of a base station. 

The method shown can also be applied to file management and ciphering in 
25 computer systems. For example the operating system can check if the valid 
administrator has made the changes to the settings of the operating system by 
comparing the user-specific values which can be derived from the file the user has 
changed. If the settings file has been changed by any other person but the valid 
administrator the changes will be cancelled. 

30 The packet data network may be any kind of network which is capable to transmit 
data as a data packets. In addition to GPRS network in GSM system or UMTS 
system the network can be for example an Internet Protocol network. 

A digital signature created with the previously described pubhc and secret key 
method can also be used as the authentication value in an advantageous embodiment 
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of the invention. The CRC value can be any other error check value which can be 
applied to the arrangements previously described. 

To a man skilled in the art it is obvious that the original data 201 in the data packets 
can be encrypted so that it is not possible for persons not justified to find out the 
content of the message. One possible solution to achieve this is to use the public and 
secret key method for encrypting the original message before the previously 
described operation. 

To a man skilled in the art it is obvious that the mobile station 101 mentioned can 
be understood as an any kind of station which is capable of transmitting data in data 
packets. The station can be for example a computer device or any other kind of 
station which uses a wireless data transmission. 

As well it is obvious to a man skilled in the art that the term packet in this context 
can be understood as any kind of element, like a frame or a cell (in ATM), in which 
data is transferred. 
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Claims 

1. A method far checking of data, characterized in that 

- a first ref^nce value (204) is calculated (203) at least partly based on a first eiror 
check value (205) calculated from the data and a j&rst autiientication value (202) for 

5 the data. 

2. A method according to claim 1, eharacterized in that when checlding the data 

- a second error check value (303) is calculated from the data, 

- a second authentication value (302) is derived for the data, 

- a second reference value is calculated at least partly based on a first md a second 
value from the set of said second error check value, said second authentication value 
aud said first reference value, 

- said second reference value is conqjared (305) with a third value from the set of 
said second error check value, said second authentication value and said first 
refOTence value, 

3 . A method according to claim 1, characterized in that the data is in the form of 
packets to be sent from a transmitter to a receive and said first refwence value is 
added to the packet to be sent 

4- A method according to claim 3, characterized in that the data is to be sent in a 
cellular system, 

20 5. A method according to claim 1, characterized in that said ciilculation is 
performed with the exclusive-OR function. 

6, A method according to claim 2, characterized in that said first and second 
authentication values (202; 302) are derived at least pardy based on a secret key. 

7, A method according to claim 3, characterized in that said first authentication 
25 value (202) is derived at least partly based on a packet number. 

8, A method according to claim 3^ characterized in that said first authentication 
value (202) is derived at least partly based on the direction of the packet to be 
transmitted. 
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9. A meihod according to claim 2, cliaracti^ized in that said firsi: and second 
error check values are CRC values (205; 303; 304). 

10. A method according to claim 2, characterized in that said first and second 
authentication values are calculated at least partly based on the data. 

5 II . A transmitiw, characterized in that the transmitter comprises 

- means for deriving an authentication value (202) firom the data to be transmitted 
(201), 

- means for diving an error check value (205) firom the data to be transmitted (^01) 
and 

10 - means for combining said authentication value (202) and said error check value 
(205) with a logical function for producing a first reference value (204). 

12. A transmitter according to claim 11, characterized in fliat said logical 
function is exclusive-OR (203). 

13. A receiver for receiving data having means for checking rec^ved data, 
15 characterized in that the receiver con:q>rises 

- means for deriving a first reference value (308) ftom The received data, 

- means for calculating an error check value (303) from the received datsu 

- means for derivLng an authentication value (302) for the received data, 

- means for calculating a second reference value at least partly based on a firat and a 
20 second value from the set of said error check value, said authentication value and 

said first reference value, and 

- means for comparing said second reference value with a third value firom the set of 
said error check value, said authentication value and said first reference value. 

14. A receiver according to claim 13, characterized in that the receiver is 
25 arranged to cany out the logical function exclusive-OR (203). 

15. A station, compising a transmitter and a receiver, characterizecl in that the 
transmitter comprises 
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-means for deriviiig a first authentication value (202) from the data to be 
transmitted (201), 

- means for deriving a first error check value (205) from the data to be transmitted 
(201) and 

5 - means for combining said first authentication value (202) and said first error check 
value (205) with a logical function for producing a first reference value (204), 

and the receiver comprises 

' means for deriving a first reference value (308) from the received data, 

- means for calculating a second error check value (303) from the received data, 

10 ' means for deriving an authentication value (302) for the received HatA this 
authentication value being a second authentication value, 

- means for calculating a second reference value at least partly based on a first and a 
second value from the set of said second error check value, said second 
authentication value and said first reference value, and 

15 - means for comparing said second reference value with a third value fbam the set of 
said second error check value, said second authentication value and said first 
reference value. 

16. A station according to claim 15, characterized in that the mobile station (101) 
is arranged to carry out the logical function exclusive-OR ^03). 

20 17. A station according to claims 15 or 16, characterized in that the station is a 
mobile station (101), 
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Fig. 2 
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Fig. 3 
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